This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
RE: Question about cygwin sshd and StrictModes
- From: "Matt Berney" <mberney at polyserve dot com>
- To: <cygwin at cygwin dot com>
- Date: Tue, 9 Dec 2003 16:49:05 -0800
- Subject: RE: Question about cygwin sshd and StrictModes
Here is the debug info from a 'successful' attempt (i.e. StrictModes no)
$ ssh -v root@qar50s1 id
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to qar50s1 [10.11.50.1] port 22.
debug1: Connection established.
debug1: identity file /home/mberney/.ssh/identity type -1
debug1: identity file /home/mberney/.ssh/id_rsa type -1
debug1: identity file /home/mberney/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'qar50s1' is known and matches the RSA host key.
debug1: Found key in /home/mberney/.ssh/known_hosts:85
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mberney/.ssh/identity
debug1: Trying private key: /home/mberney/.ssh/id_rsa
debug1: Offering public key: /home/mberney/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: id
uid=37278(root) gid=10513(Domain Users) groups=544(Administrators),545(Users),10512(Domain Admins),10513(Domain Users)
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.7 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
> -----Original Message-----
> From: Matt Berney
> Sent: Tuesday, December 09, 2003 4:23 PM
> To: 'cygwin@cygwin.com'
> Cc: Matt Berney
> Subject: Question about cygwin sshd and StrictModes
>
> I have a question about the /etc/sshd_config file under cygwin. I have cygwin v1.5.5 and openssh
>
> Cygwin Package Information
> Package Version
> cygwin 1.5.5-1
> cygwin-doc 1.3-6
>
> openssh 3.7.1p2-1
> openssl 0.9.7c-1
> openssl-devel 0.9.7c-1
> openssl096 0.9.6j-1
>
> What is the recommended technique to allow for ssh without passwords? Here is my procedure:
> 1) on the server, ssh-host-config
> 2) on the server, ssh-keygen -d (no passkey e.g. blank)
> 3) on the server, net start sshd
>
> 4) on the client, ssh-keygen -d (no passkey e.g. blank)
> 5) on the client, scp ~/.ssh/id_dsa.pub qar50s1:
>
> 6) on the server, cat id_dsa.pub >> .ssh/authorized_keys2
>
> All of this works just fine until I change the /etc/sshd_config file to set StrictModes to yes
>
> [sshd_config]
> StrictModes yes
>
>
> What do I have to do to make this work? Here is the debug output:
>
> OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to qar50s1 [10.11.50.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/mberney/.ssh/identity type -1
> debug1: identity file /home/mberney/.ssh/id_rsa type -1>
> debug1: identity file /home/mberney/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
> debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'qar50s1' is known and matches the RSA host key.
> debug1: Found key in /home/mberney/.ssh/known_hosts:85
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/mberney/.ssh/identity
> debug1: Trying private key: /home/mberney/.ssh/id_rsa
> debug1: Offering public key: /home/mberney/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: password
> root@qar50s1's password:
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/